The use of computers to perform many varied functions is widespread throughout modern society. Their use, for instance, for purposes of data storage and manipulation is regularly essential to carry out many business, and other, activities. And, with advancements in computer technologies regularly providing for increases in computer storage capacities and computer processing speeds, all at lower costs, increased usage of computers to perform yet more functions is likely. Groups of computers are regularly connected together in networks that provide for communication of data between computer devices that form logical nodes of the networks.
Interconnected computers in a business, or other, enterprise are sometimes referred to as a Local Area Network (LAN). And, groups of Local Area Networks are sometimes interconnected with remotely-positioned computer devices by way of public, or other, network connections. The Internet is exemplary of a public network that provides for communication connectivity between remotely-positioned computer devices. Many informational and communication services are provided through use of an Internet-connected computer device that sends and receives data with a remotely-positioned computer device. Sometimes, the remote computer device permits access to data stored thereat without limitation. Other times, access to the computer device is limited. That is to say, universal access is not provided; rather, access to the stored contents of a computer device is restricted to only limited numbers of users. To gain access to the stored contents of a computer device, the device requesting access must identify itself, or its user, as a party that is permitted such access.
Oftentimes, the authorization procedure forms a two-step process. Identification procedures and then authentication procedures are carried out. An identification procedure pertains to a procedure by which a user informs a remote computer device of the user's identity, e.g., by way of submission of a user name. The identification procedure is typically a relatively simple procedure based upon the sending of a user name or user ID (Identification). In the case of a system or process, identification is usually based upon, e.g., a computer name, a Medium Access Control (MAC) address, an Internet Protocol (IP) address, or a Process ID (PID). Irrespective of what the identification is based upon, the identification generally must uniquely identify the user, generally does not identify the user's organizational position or other indication of relative importance, and generally avoids using common or shared user accounts, such as ROOT, ADMIN, or SYSADMIN.
An authentication procedure is performed to verify the claimed identity of a user. A user's claimed identity is verified, e.g., by comparing an entered password to a stored password that is stored in a system and associated with, or otherwise indexed together with, a given user name. An authentication procedure is typically based upon at least one of four factors. First, authentication is sometimes based upon a value that is known by a user, such as a password or Personal Identification Number (PIN). When a password or Personal Identification Number is used pursuant to authentication, an assumption must be made that only the authorized party knows the password or Personal Identification Number. Sometimes, a token, such as that provided on a smart card, is used. When a token is used pursuant to authentication, an assumption is analogously made that only an authorized party has the token or smart card needed to authenticate the identity of the user attempting access. Sometimes fingerprint, voice, retina, iris, or other characteristic information of the user is used pursuant to authentication procedures. And, sometimes, the authentication procedure requires the request that is made to be position-dependent, using, e.g., Global Positioning System (GPS)-based information.
When the authentication procedure requires a password, or a Personal Identification Number, to be used, the password must be of characteristics that make unauthorized determination of the password, such as by a brute force method, difficult. The password is, therefore, oftentimes of an inconveniently lengthy configuration, sometimes combining both a PIN and a password. While passwords and Personal Identification Numbers, used in combination with other authentication procedures, reduce the possibility of an unauthorized party successfully accessing a computer, sometimes use of such additional procedures is unavailable or not permitted for any of various reasons.
Existing authentication procedures that require the use of lengthy passwords or Personal Identification Numbers are therefore sometimes unwieldy. An improved manner by which to provide for authentication of a requester requesting access to a computer device, one that does not require the memorization of a lengthy password, would therefore be advantageous.
It is in light of this background information related to identification and authentication procedures that the significant improvements of the present invention have evolved.